security-threat-model

# Threat Model Source Code Repo Deliver an actionable AppSec-grade threat model that is specific to the repository or a project path, not a generic checklist. Anchor every architectural claim to evidence in the repo and keep assumptions explicit. Prioritizing realistic attacker goals and concrete impacts over generic checklists. ## Quick start 1) Collect (or infer) inputs: - Repo root path and any in-scope paths. - Intended usage, deployment model, internet exposure, and auth expectations (if known). - Any existing repository summary or architecture spec. - Use prompts in `references/prompt-template.md` to generate a repository summary. - Follow the required output contract in `references/prompt-template.md`. Use it verbatim when possible. ## Workflow ### 1) Scope and extract the system model - Identify primary components, data stores, and external integrations from the repo summary. - Identify how the system runs (server, CLI, library, worker) and its entrypoints. - Separate runtime behavior from CI/build/dev tooling and from tests/examples. - Map the in-scope locations to those components and exclude out-of-scope items explicitly. - Do not claim components, flows, or controls without evidence. ### 2) Derive boundaries, assets, and entry points - Enumerate trust boundaries as concrete edges between components, noting protocol, auth, encryption, validation, and rate limiting. - List assets that drive risk (data, credentials, models, config, compute resources, audit logs...